In this presentation, Tristan Madani will delve into "Predictive Analytics for Adversary Techniques in the MITRE ATT&CK Framework using Rule Mining." This talk introduces a novel approach to predicting potential adversary techniques by leveraging historical attack data and applying association rule mining. Attendees will gain insights into how the MITRE ATT&CK framework can be utilized to enhance threat hunting and incident response capabilities. Key takeaways include understanding the methodology behind rule mining, the practical application of the Apriori and FP-Growth algorithms, and the implications of the findings for proactive cybersecurity measures. This presentation is essential for cybersecurity professionals looking to stay ahead of evolving threats by anticipating adversary actions.

As cyber threats continue to evolve, traditional adversary simulation methods are struggling to keep pace with the sophisticated tactics, techniques, and procedures (TTPs) used by attackers today. In this talk, we explore the shortcomings of current simulation frameworks and introduce the ACTOR Model, a comprehensive and forward-thinking approach designed to overcome these challenges.

Leveraging real-world insights and integrating the MITRE ATT&CK framework and Structured Threat Information Expression (STIX) data, the ACTOR Model enhances realism, scalability, and customization in adversary simulation. Through the lens of humor and deep technical analysis, we declare the end of outdated methods and present the future of simulation: a strategic, adaptable, and highly effective framework that equips organizations to stay ahead of adversaries. Join us as we dive into the next generation of adversary simulation — it’s far from dead, it’s just evolving.

We will demonstrate how to Backdooring Powershell using Phantom DLL Hijacking.